Elon Musk, head of the Department of Government Efficiency (DOGE). Photo: Times of India.
The criminal group behind the DOGE Big Balls ransomware attack has upped its extortion stakes. A new note, using an image of Elon Musk and references to DOGE, is demanding $1 trillion from victims.
One of the first reports on the group came from cybersecurity intelligence platform Cyble on April 14. The company detailed how the hackers, in addition to using conventional attack techniques, also combined psychological and media elements to create a viral effect and mislead investigations.
The ransomware is actually an upgraded version of existing software called Fog. The people behind the recent attack have renamed it DOGE Big Balls. According to Forbes, this move has successfully attracted media attention and differentiated it from other campaigns.
Check Point's report found that malware attacks increased by 126% in the first quarter of 2025, with North America accounting for 62% of the global total. This shows that cybersecurity threats need to be taken more seriously.
However, the hacker group appears to be playing a prank on the government agency. A security report from Trend Micro on April 21 said that the malware is now mercilessly mocking DOGE and Elon Musk.
In late February, the US Federal Personnel Management sent an email to millions of employees with the subject line “What did you do this week?” The letter asked them to list five bullet points of what they did in the previous week. Elon Musk, the head of DOGE, announced on social media that anyone who failed to meet the requirement would be considered to have resigned.
Taking inspiration from the above action, the attackers modified the extortion note to read “Give me 5 bullet points of what you accomplished at work last week, or you owe me $1 trillion.”
In fact, this extortion demand is very serious, according to Forbes. The attackers claim to have copied some of the DOGE data to their internal resources. They advise victims to contact them as soon as possible to resolve the issue, and they provide instructions on how to use the Tor browser to proceed to the next step.
In addition to the request, the note also included a warning “don’t tell on me” in an attempt to be humorous. However, the attackers said they had “taken the latitude and longitude coordinates of where you live,” to prove they weren’t lying.
Fog is an active malware suite that targets both individuals and organizations. Cyble's report says the attackers used a ZIP file called "Pay Adjustment.zip" that contained a phishing shortcut to deploy the malware. The shortcut would trigger the next steps of the attack when the user opened the file.
Additionally, the attackers leveraged a long-known security vulnerability, CVE-2015-2291, to perform an elevation of privilege, allowing the malware to gain deeper access to the system and critical parts of the operating system.
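A defensive check for the delivery method described above, a ZIP archive carrying a Windows shortcut. This is an added example, not code from Cyble's report or the original article; the function names, the entry names, and the inert sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")


def find_shortcuts(zip_bytes):
    """Return (entry name, reason) pairs for shortcut files inside a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(".lnk")
            if info.flag_bits & 0x1:  # encrypted entry: content cannot be read
                if by_name:
                    findings.append((info.filename, "encrypted .lnk entry"))
                continue
            with archive.open(info) as member:
                by_magic = member.read(len(LNK_MAGIC)) == LNK_MAGIC
            if by_magic and not by_name:
                findings.append((info.filename, "LNK header under another extension"))
            elif by_magic:
                findings.append((info.filename, "Windows shortcut"))
            elif by_name:
                findings.append((info.filename, ".lnk name without LNK header"))
    return findings


def build_sample():
    """Constructed sample: an archive shaped like the lure, with inert contents."""
    stub = LNK_MAGIC + bytes(0x4C - len(LNK_MAGIC))  # header only, no target
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Pay Adjustment.pdf.lnk", stub)  # constructed entry name
        archive.writestr("notes/readme.txt", b"constructed benign text")
        archive.writestr("summary.pdf", stub)  # shortcut renamed to hide it
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_shortcuts(build_sample()):
        print(f"{name}: {reason}")
```

Matching on the header bytes as well as the file name catches a shortcut stored under a different extension, which a name-only mail or gateway filter would miss.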
Source: https://znews.vn/elon-musk-bi-hacker-tong-tien-1000-ty-usd-post1548340.html